C2C Forward Auction Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /auction/casp/admin.asp script not properly sanitizing user-supplied input before using it in SQL queries. This may allow an attacker to manipulate an SQL query in a way that results in bypassing authentication. Once authenticated, the attacker will have access to the application with the same privileges as the admin account used during the authentication bypass.
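
The flaw class described above, shown against an in-memory SQLite table as an added example; it is not code from C2C Forward Auction Creator, whose admin.asp source does not appear on this page. The table, column names, function names and sample credentials are assumptions; the example contrasts a login query built by string concatenation with the parameterized form that fixes it.

```python
import sqlite3

def make_db():
    """In-memory stand-in for an admin account table (constructed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row; a real application should store a salted hash.
    db.execute("INSERT INTO admins VALUES ('admin', 'S3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: input is spliced into the SQL text, so a quote
    character in either field changes the structure of the query."""
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_parameterized(db, username, password):
    """Hardened pattern: placeholders keep input as data, never as SQL."""
    sql = "SELECT username FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

# Constructed regression input containing SQL metacharacters.
QUOTE_INPUT = "' OR '1'='1"

def regression_results():
    """Run both login forms over valid, quote-bearing and wrong credentials."""
    db = make_db()
    return {
        "concat_valid": login_concatenated(db, "admin", "S3cret-constructed"),
        "concat_quote_input": login_concatenated(db, QUOTE_INPUT, QUOTE_INPUT),
        "param_valid": login_parameterized(db, "admin", "S3cret-constructed"),
        "param_quote_input": login_parameterized(db, QUOTE_INPUT, QUOTE_INPUT),
        "param_wrong_password": login_parameterized(db, "admin", "wrong"),
    }

if __name__ == "__main__":
    for name, ok in regression_results().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

In classic ASP the corresponding fix is an ADODB.Command with bound parameters in place of a concatenated query string.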